For a while now I’ve been using different web browsers to compartmentalize my risk. Most of my primary browsing is in one browser, but I use another for potentially risky activities I want to isolate more. Running different browsers for different sessions isolates certain types of attacks. For example, unless someone totally pwns you with malware, they can’t execute a CSRF attack if you’re on the malicious site in one browser, but using a totally separate browser to check your bank balance. Actually, to be totally safe you shouldn’t even run both browsers at the same time.

Last night I was talking with RobertRsnakeHansen of SecTheory about this and he finally convinced me to take my paranoia to the next level.

Here’s the thing- what I’m about to describe may be overkill for many of you. Because of what I do for a living my risk is higher, so take this as an example of where you can take things, but many of you don’t need to be as paranoid as I am. On the other hand, Robert is at even higher risk, and takes even more extreme precautions. I also purposely use a combination of virtualization and browser diversity to further limit my exposure. In all cases there are completely different applications, not just instances of the same platform.

My web browsers break out like this. I won’t list which specific browsers I use except in a few cases:

  1. Everyday browsing: low risk, low value sites. I use one of the main browsers, and even use it to manage my low value passwords.
  2. Everyday browsing 2: slightly higher risk, but even lower value. Basically, it’s the browser in my RSS reader.
  3. Blog management: a third browser dedicated to running Securosis. This is the bit Robert convinced me to start. I use it for nothing else.
  4. Banking: Internet Explorer running in a Windows XP virtual machine. I only use it for visiting financial sites. To be honest, this is as much a reflection of my bank’s web app as anything else. I can deposit using my scanner at home, but only in IE on Windows.
  5. High risk/research: a browser running in a non-persistent Linux virtual machine. Specifically, it’s Firefox running off the Backtrack read-only ISO. Nothing is saved to disk, and that virtual machine doesn’t even have a virtual hard drive attached.

This setup isn’t really all that hard to manage since it’s very task-based. Now the truth is this only protects me from some (major) web based attacks. If my system is compromised at the host OS level, the attacker can just capture everything I’m doing and totally own me. It doesn’t prevent the browser from being that vector, so, like everyone, I take the usual precautions to limit the possibility of malware on my system (but no AV, at least not yet).

For average users I recommend the following if you don’t want to go as far as I have:

  1. One browser for everyday browsing. I like Firefox with NoScript.
  2. Another for banking/financial stuff.
  3. If you go to “those” sites, stick with a virtual machine. Oh, don’t pretend you don’t know what I’m talking about.